E-Threats Mobile & Gadgets

Android Malware Report – May 2012

With spring in its final days, it’s time to look at some of the freshly planted creepy crawlies that be awaiting harvest on our Android phones. A look at Android malware stats for the month of May show some new threats creeping up in our pie chart as well as some old  pests, such as Android.Trojan.FakeDoc.A, Android.Exploit.RATC.A, and Android.Exploit.GingerBreak.A.

The newest contender to first place is Android.Adware.Mulad.A, a crafty adware that managed to sneak into 29.89% of the Android devices in our analysis pool.

Closely followed by “Battery Doctor” (also known as Android.Trojan.FakeDoc.A) with a 23.37% infection rate, we’re left to conclude that either awareness of this Trojan is still pretty low or people simply don’t mind having their devices pried into. Not only have we covered its existence in our Q1 malware report, but we’ve also seen it lead April’s malware chart.

Android.Exploit.RATC.A, Android.Exploit.GingerBreak.A, and Android.Exploit.Exploid.B have all fallen one position compared to last month’s report, which is understandable since a new adware leads the threat list. These types of exploits will undoubtedly show up in our stats for months to come.  As long as people are willing to root their devices, they’ll almost certainly still be harvesting them come autumn.

Although Android.Hacktool.Faceniff.A occupies the same sixth place, it does however affect only 2.38% of devices, compared to last month’s 3.19%. Statistically speaking, the difference is negligible and having it constantly poking us is a matter of inconvenience rather than a serious threat.

Worth mentioning is a second adware (Android.Adware.Wallap.A) which, although ranked seventh in our chat, proves that adware is definitely on the rise. We’d even go as far as speculating that next month’s report will feature Android.Adware.Wallap.A packing a slightly higher detection rate.

The Android.Trojan.NotCompatible.A Trojan has been spotted a couple of weeks back as trying to trick Android users into downloading a fake update on their devices. Following a couple of drive-by attacks, a hidden frame was injected into some websites, causing Android owners who use their built-in browser to receive a fake notification update. The downloaded file is “Update.apk” and the application is named “com.Security.Update” so that everyone will execute it when user assistance is prompted. Ranked eighth in our chart, this Trojan will probably fade out of existence unless more websites are hit by the same drive-by attacks.

The premium SMS Trojan, Android.Trojan.SMSSend.G, has fallen four positions, ending up number nine. Dropping from 3.34% to 1.80% in a month could indicate we’re witnessing its demise and that it won’t be present in next month’s stats.

Your Facebook, Twitter, and LinkedIn usernames and passwords are still not safe, because Android.Hacktool.DroidSheep.A is still in our top ten malware chart. Headstrong and not going away, we still issue a warning to those in the habit of downloading bizarre and questionable apps from strange marketplaces.

Concluding that Android malware threats are still real and continuously thriving, you should be careful about what you’re downloading, installing and browsing. This May’s Android malware report will have hopefully raised more awareness on the threats your Android device is facing.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author

Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.

4 Comments

Click here to post a comment